cfcfdf474ced132e0a273126866353ff330c66f3dc0e48319636f80430974059

General

Target

f01e76ccc78b50a89ba1ef36b8a66854_JaffaCakes118.exe
Size

647KB
MD5

f01e76ccc78b50a89ba1ef36b8a66854
SHA1

50a23118e23ab51faacca36ac3113c684e6e434a
SHA256

cfcfdf474ced132e0a273126866353ff330c66f3dc0e48319636f80430974059
SHA512

bc836ac121dc1a391638a786dbdbf18277c22c8a85c68c89de04963591db8ab5b517100a14d72be46390bdf1f711155716a9d2d7b129237186f48d6566305c0a
SSDEEP

12288:HCWLDi4htj4EejS1F3Z4mxxE8E7PIxyJ00riPeZdRZD98:HTi47jJlQmXE8E7wxngq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	Hacker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	f01e76ccc78b50a89ba1ef36b8a66854_JaffaCakes118.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	f01e76ccc78b50a89ba1ef36b8a66854_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2612	f01e76ccc78b50a89ba1ef36b8a66854_JaffaCakes118.exe
Token: SeDebugPrivilege	2984	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2984	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2640	2984	Hacker.com.cn.exe	29
PID 2984 wrote to memory of 2640	2984	Hacker.com.cn.exe	29
PID 2984 wrote to memory of 2640	2984	Hacker.com.cn.exe	29
PID 2984 wrote to memory of 2640	2984	Hacker.com.cn.exe	29

C:\Users\Admin\AppData\Local\Temp\f01e76ccc78b50a89ba1ef36b8a66854_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f01e76ccc78b50a89ba1ef36b8a66854_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2612

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
647KB

MD5
f01e76ccc78b50a89ba1ef36b8a66854

SHA1
50a23118e23ab51faacca36ac3113c684e6e434a

SHA256
cfcfdf474ced132e0a273126866353ff330c66f3dc0e48319636f80430974059

SHA512
bc836ac121dc1a391638a786dbdbf18277c22c8a85c68c89de04963591db8ab5b517100a14d72be46390bdf1f711155716a9d2d7b129237186f48d6566305c0a

Download Submit
memory/2612-20-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/2612-16-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/2612-12-0x0000000003280000-0x0000000003283000-memory.dmp

Filesize
12KB

Download
memory/2612-11-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2612-10-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2612-9-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2612-8-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2612-7-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2612-6-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2612-5-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2612-4-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2612-3-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2612-2-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2612-14-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2612-21-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2612-1-0x0000000000580000-0x00000000005D4000-memory.dmp

Filesize
336KB

Download
memory/2612-13-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2612-15-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2612-19-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/2612-0-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2612-33-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2612-34-0x0000000000580000-0x00000000005D4000-memory.dmp

Filesize
336KB

Download
memory/2984-25-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/2984-32-0x00000000002D0000-0x0000000000324000-memory.dmp

Filesize
336KB

Download
memory/2984-31-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2984-30-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2984-29-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/2984-28-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2984-27-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2984-26-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/2984-23-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2984-35-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2984-37-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing